Lucene search
+L

14 matches found

nessus
nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-46446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References2
redos
redos
added 2024/12/16 12:0 a.m.13 views

ROS-20241216-07

A vulnerability in the asynchronous client and server implementation of the SSHv2 protocol on top of Python python-asyncssh is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to control a remote SSH client session by injecting ...

6.8CVSS6.8AI score0.00867EPSS
Exploits0
ubuntu
ubuntu
added 2024/12/12 6:58 a.m.8 views

USN-7108-2: AsyncSSH vulnerabilities

USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...

6.8CVSS7AI score0.00867EPSS
Exploits0
nessus
nessus
added 2024/11/14 12:0 a.m.16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : AsyncSSH vulnerabilities (USN-7108-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-1 advisory. Fabian Bumer, Marcus Brinkmann, and Jrg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References3
nessus
nessus
added 2023/11/25 12:0 a.m.16 views

Fedora 39 : python-asyncssh (2023-d2956318e4)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2956318e4 advisory. Security fix for CVE-2023-46446 and CVE-2023-46445 Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References3
susecve
susecve
added 2023/11/15 1:57 a.m.2 views

SUSE CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS9.2AI score0.00867EPSS
Exploits0References3
osv
osv
added 2023/11/14 3:15 a.m.1 views

DEBIAN-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS7AI score0.00867EPSS
Exploits0References1
prion
prion
added 2023/11/14 3:15 a.m.13 views

Design/Logic Flaw

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

3.6CVSS6.4AI score0.00867EPSS
Exploits0References7Affected Software1
pypa
pypa
added 2023/11/14 3:15 a.m.6 views

PYSEC-2023-239

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...

6.8CVSS7.1AI score0.00867EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/11/14 3:15 a.m.5 views

UBUNTU-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References5
osv
osv
added 2023/11/14 3:15 a.m.4 views

PYSEC-2023-239

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/11/14 12:0 a.m.28 views

AsyncSSH Security Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References6
cve
cve
added 2023/11/14 12:0 a.m.141 views

CVE-2023-46446

CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...

6.8CVSS6.4AI score0.00867EPSS
Exploits0References8Affected Software1
github
github
added 2023/11/09 6:35 p.m.26 views

AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

6.8CVSS7.3AI score0.00867EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder